I'm currently learning WordPress hooks and am delving into core to see what's happening in there. I noticed there are filters in wp-includes/default-filters.php with PHP comments about Kses. I wasn't ...

I uploaded a Theme at THE marketplace and got soft rejected because I should "always escape late"
I am not sure how to solve this other than I did. I have multiple if statements where HTML is saved ...

I'm setting up a blog which will make heavy use of MathJax, a JS library which renders LaTeX code into so-called "beautiful math". I'm using MathJax via the CDN rather than through JetPack because:
...

The docs for wp_kses_post() say "Sanitize content for allowed HTML tags for post content." iframe in general is an allowed tag, but more specifically I think it should allow tags created by WordPress ...

I've written a custom plugin to send data via a form to a personal database, different from the WP one. Everything is working fine except the fact that when you write a name, for example D'ALESSANDRO, ...

I've just started coding according to VIP WordPress Coding Standards and I'm stuck with sanitization. I know that all outputs need sanitization without any exception. But how can I do sanitization of a ...

I'm implementing an inventory updater on a WordPress product site that integrates with a 3rd-party website via their custom API. We're going to have a number of people updating the 3rd-party website, ...

This question is somehow related to this other question.
Provided that it seems we have a solution for the magic quotes issues, why does the WP Core team not allow them?
This is unclear to me and I ...

Simple question,
I see that some themes are using esc_attr or esc_html and url after they define a variable with get_post_meta, while others are using it during variable definition. What would be best ...

I have added a select box in the Post meta. Here is the code, and it works fine. My question is, do I need to sanitize the values before updating the post meta? If yes, how should it be done?
This is ...

I'm trying to build up my own function to sanitize a URL before saving it to my WP database. However I cannot get esc_url_raw to trigger against unwanted protocols. The function below is letting all ...

So I'm working on a small plugin, and this plugin allows users to save data to my db. This data is mostly plain text but 3 fields will have tags inside them.
1 field can be used to save all kind ...

In my admin for part I have additional fields (like price or brand - which is taxonomy). When I edit or create new part, I set up additional data.
and price saving is without any problem, but saving ...

I'm trying to create a Theme Customizer control in WordPress that will allow the user to upload an MP4 and WEBM video, and in doing so I need to create a sanitization option to verify the file type. ...

I'm developing a plugin which enables the user to send HTML emails from within the WordPress admin. How should I sanitize the textarea input? It has to be able to contain the whole range of HTML tags ...

I'm creating a WordPress theme that I'm hoping to sell on Themeforest. Now I know much about escaping user inputted data using functions like esc_html, esc_url and so on and I use them in the comments ...

I'm using the Custom Metaboxes and Fields code which is pretty good. However I need sanitization on URL fields of course but the built in text_url field type is adding 'http://' to my entries.
I know ...

I'm making a meta box for a custom post. This meta box will contain a href value. I don't need any validation that it is a valid href value but I would like to do this in a way that is secure.
I have ...